CS 201: Runtime Monitors for Hybrid Mobile Apps and Other Stories, MEERA SRIDHAR, University of North Carolina at Charlotte

Nov 29, 2018

Speaker: Meera Sridhar
Affiliation: University of North Carolina at Charlotte

ABSTRACT: The formidable growth of the cyber-threat landscape today is accompanied by an imperative need for providing high-assurance software solutions. In the last decade, binary hardening via In-lined Reference Monitoring (IRMs) has been firmly established as a powerful and versatile technology, providing superior security enforcement for many platforms. IRM frameworks rewrite untrusted binary code, inserting runtime checks to produce safe, self-monitoring code; IRMs are equipped with the ability to enforce a rich set of history-based policies, without requiring access to source code. In this talk, we present HybridGuard, an IRM framework for hybrid mobile apps. Hybrid mobile frameworks, such as React Native, Ionic, PhoneGap etc., are rapidly becoming the mainstay technology for developing mobile apps. Here, the developer need only write web code, and the framework automatically ports to popular mobile platforms such as Android, iOS etc. While slick, quick, and cost-effective, the exposure of sensitive mobile device resources to web content dramatically increases the attack surface, rendering the apps vulnerable to a slew of dangerous attacks such as code-injection, fracking, cross-site scripting, tapjacking, amongst others. HybridGuard allows developers fine-grained access control and rich policy enforcement over hybrid mobile apps, protecting against the dangerous vulnerabilities that web code inclusion brings. We will discuss the research challenges and successes on adapting the IRM technology to secure this complex, cross-platform mobile space, and probe into its natural extension into the world of Internet-of-Things.

BIO: Dr. Meera Sridhar is an Assistant Professor in the Department of Software and Information Systems at UNC Charlotte. Her research interests span language-based and systems security, formal methods, and their application to web, mobile and Internet-of-Things security. Her research is currently supported by the National Science Foundation (NSF). Dr. Sridhar received her Bachelor’s and Master’s degrees in Computer Science from Carnegie Mellon University, and her Ph.D. in Computer Science from The University of Texas at Dallas.